Form submission, Email Security

Question

pallen 0 Light Poster

12 Years Ago

I am adding a page to my site that allows doctors to send me referrals. Some of the data will be highly sensitive, so I need to be sure that it is handled as securely as possible. The data doesn't get stored in a database. It is simply emailed directly to me. The PHP script is below.

I use the str_replace function to filter out URLs. I'm not too concerned about that. I really, though, need to be sure that bad guys cannot intercept what's being sent. The lawsuit may be a little more than ugly. How does it look? Does anyone think I need to add or remove anything to keep the bad guys at bay? I plan on adding a Captcha before I publish the page. Thanks in advance.

if(isset($_POST['submit'])) {

		

			$domains = array('.com', '.org', '.net', '.gov', '.edu', '.mil', '.int');

			$replacement = array('/*com*', '/*org*', '/*net*', '/*gov*', '/*edu*', '/*mil*', '/*int*');



			$to = "email@place.com";

			$subject = "**** (Referral)";

			$physican_field = strip_tags($_POST['physician']);

			$name_field = strip_tags($_POST['patient']);

			$insurance_field = strip_tags($_POST['primary']);

			$insurancenumber_field = strip_tags($_POST['insurance#']);

			$phone_field = strip_tags($_POST['phone']);

			$address = strip_tags($_POST['address']);

			$address = str_replace($domains, $replacement, $address);

			

			$body = "Physician: $physican_field\n Patient: $name_field\n Phone: $phone_field\n Primary Insurance: $insurance_field\n Insurance/Medicare#: $insurancenumber_field\n File: $file_uploaded\n Address: $message\n";

			

			mail($to, $subject, $body);

			



		} else {



			die("We apologize, but your form was not submitted succesfully");



		}

cybersecurity email php

Edited 12 Years Ago by pallen because: Make it clearer

4 Contributors
5 Replies
128 Views
1 Week Discussion Span
Latest Post 12 Years Ago Latest Post by urtrivedi

pritaeas 2,194 ¯\_(ツ)_/¯

12 Years Ago

If you want to make interception more difficult, use an SSL connection. Then it will at least be sent encrypted.

Or let those doctors e-mail it to you directly, without using the webpage.

urtrivedi 276 Nearly a Posting Virtuoso

12 Years Ago

Capthcha is used to avoid spam generated by bots, it can not defeat or restrict a human.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

pallen 0 Light Poster · Answer 1 · 2011-11-21T23:39:04+00:00

I was thinking about an SSL, but I don't want to pay for it. And they could email it, but they invariably leave out important info that patients never want to give out over the phone. With the form, I make each field required, and then I know I have it. I guess an SSL maybe the safest bet, though.

Thanks for the reply

reganstar 0 Junior Poster in Training · Answer 2 · 2011-11-24T21:15:26+00:00

Imo, CAPTCHA will not serve your purpose much. SSL is the best way. Find it expensive? I guess if so, there's the alternative of making your own SSL (but then users viewing a warning may be a downside).

pallen 0 Light Poster · Answer 3 · 2011-11-29T11:17:53+00:00

Thanks for the reply. I guess a private SSL isn't too bad. I checked and it's less expensive than I thought. Why don't you think CAPTHCA will serve the purpose?